1. Field of the Invention
The present invention relates to techniques for controlling access to computational resources and data within computer systems. More specifically, the present invention relates to a method and an apparatus for authenticating a request between tasks in an operating system.
2. Related Art
In modern operating systems, a program may be associated with one or more independent processes, which may communicate with each other using inter-process communication (IPC) mechanisms provided by the operating system. In multi-user systems, such inter-process communication mechanisms can allow a process to provide services to processes associated with different users. In doing so, the process may provide different data or different levels of service to different calling processes based on users associated with the calling processes. However, a process providing such a service may not be able to simply trust an identity claimed by a calling process, because doing so would risk leaking sensitive information to an unauthorized user. Although some techniques authenticate callers by exchanging digital certificates and/or passwords via IPC, these techniques add additional overhead and complexity to inter-process interactions.
Hence, what is needed is a method that facilitates authenticating a request between processes without the above-described limitations.